Both browsers add antiphishing features meant to protect against malicious fake sites that attempt to trick users into divulging their log-ins or financial information. Firefox's default protection stops at comparing sites against a known blacklist of phishing sites, while IE 7 includes site analysis that will try to warn you about a suspicious site even if it's not yet on a blacklist, an approach similar to that implemented in the latest security suites.
According to the folks in Redmond, IE 7 will scan a page for phishing hallmarks in the URL or page content. The addresses of suspicious sites will get sent to Microsoft, where they're compared against a blacklist. If a site is on the list, IE will block the page. If it's a known good site, you'll see the page. If the site is unrecognized, you'll get a warning. Microsoft says it protects your privacy and the URL queries it receives, but it does save the data.
Testing page content (as opposed to relying solely on a blacklist) is a good idea since phishing sites typically have very short life spans, or they shift Web addresses quickly as the crooks behind them race to nail a few victims before being blacklisted.
By default, Firefox compares sites against a locally stored blacklist--meaning you won't have to send out lists of the URLs you visit--and displays a warning if it sees a match. However, you can instead choose to send the URLs you visit to Google, which will compare them against a more frequently updated list. Google doesn't associate the information it logs with other personal data about you, but the URL or other page information sent may itself include personal data that will be logged.
IE 7's new security features go beyond an antiphishing tool. For example, its "Delete Browsing History" option clears temporary files, cookies, history, form data, and passwords, either all at once or separately, something you can already do in Firefox 1.5. You also get a new "Fix Settings for Me" feature that warns you if you reset security settings to something Microsoft deems unsafe.
Microsoft has also improved ActiveX handling, tightened the program's code, and changed the underlying architecture to reduce potential areas of attack for hackers. Overall, the new IE has many more security fixes than the revised Firefox. But such fixes were necessary to address IE 6's many holes, including some recent ones that allow drive-by downloads that can fill your PC with malware if you visit a poisoned site.
Moreover, while Firefox has its share of security flaws, Mozilla has proven much faster at patching them.